Help - Search - Members - Calendar
Full Version: abetterinternet
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
alastair
Jun 9 2006, 03:58 PM
hi

i have a problem with abetterinternet. adware scans detects and quarentines all affected files ect only for them to return on reboot, trying to get me to buy titan antispyware.

please could you help me remove them for good...

log file from bazooka

****************************************
Bazooka Scanner v1.13.03
http://www.kephyr.com/spywarescanner/
http://www.kephyr.com/spywarescanner/library/
support@kephyr.com
Log created 15:43:54.
OS: Windows NT 5.1
Database version: 3.200000
Database format version: 1.020000
Database date: 20060505
Current date: 2006-06-09 15:43


****************************************
Result when scanning:

A Better Internet.dlmax 780.990.000 %WinDir%\dlmax.dll
C:\WINDOWS\dlmax.dll
http://www.kephyr.com/spywarescanner/libra...max/index.phtml

A Better Internet.dlmax 780.990.001 {00000000-59D4-4008-9058-080011001200}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}
http://www.kephyr.com/spywarescanner/libra...max/index.phtml

A Better Internet.susp 783.000.000 %WinDir%\susp.exe
C:\WINDOWS\susp.exe
http://www.kephyr.com/spywarescanner/libra...usp/index.phtml

BTGrab 634.200.000 {00000000-F09C-02B4-6EC2-AD0300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-F09C-02B4-6EC2-AD0300000000}
http://www.kephyr.com/spywarescanner/libra...rab/index.phtml

BTGrab 634.200.001 %WinDir%\BTGrab.dll
C:\WINDOWS\BTGrab.dll
http://www.kephyr.com/spywarescanner/libra...rab/index.phtml

Exploit crackz.ws-2 544.235.000 %SystemDir%\TCPService2.exe
C:\WINDOWS\system32\\TCPService2.exe
http://www.kephyr.com/spywarescanner/libra...s-2/index.phtml

Flingstone Bridge 483.999.001 %SystemDir%\bridge.dll
C:\WINDOWS\system32\\bridge.dll
http://www.kephyr.com/spywarescanner/libra...dge/index.phtml

Pynix 634.865.001 %WinDir%\pynix.dll
C:\WINDOWS\pynix.dll
http://www.kephyr.com/spywarescanner/libra...drv/index.phtml

WStart 433.999.000 %SystemDir%\WStart.dll
C:\WINDOWS\system32\\WStart.dll
http://www.kephyr.com/spywarescanner/libra...art/index.phtml

ZServ 172.834.000 {00000000-C1EC-0345-6EC2-4D0300000000}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-C1EC-0345-6EC2-4D0300000000}
http://www.kephyr.com/spywarescanner/libra...erv/index.phtml

ZServ 172.834.001 %WinDir%\ZServ.dll
C:\WINDOWS\ZServ.dll
http://www.kephyr.com/spywarescanner/libra...erv/index.phtml

****************************************
Auto start entries:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Despatch\Start Menu\Programs\Startup\desktop.ini
C:\Documents and Settings\Despatch\Start Menu\Programs\Startup\desktop.ini

Go here to analyse the startup entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Run entries:
C-Media Mixer Mixer.exe /startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\C-Media Mixer

AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_CC

Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender

MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig

Adware.Srv32 C:\WINDOWS\system32\runsrv32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Adware.Srv32

Transponder C:\WINDOWS\system32\susp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Transponder

CTFMON.EXE C:\WINDOWS\system32\ctfmon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE


Go here to analyse the run entries and the associated files:
http://www.kephyr.com/filedb/index.php

****************************************
Browser helper objects:

{00000000-59D4-4008-9058-080011001200} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{00000000-59D4-4008-9058-080011001200}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-59D4-4008-9058-080011001200}

{00000000-C1EC-0345-6EC2-4D0300000000} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{00000000-C1EC-0345-6EC2-4D0300000000}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-C1EC-0345-6EC2-4D0300000000}

{00000000-F09C-02B4-6EC2-AD0300000000} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{00000000-F09C-02B4-6EC2-AD0300000000}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-F09C-02B4-6EC2-AD0300000000}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} not set C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ceff6cd-6f08-4e4d-bccd-ff7415288c3b}

{5E8FA924-DEF0-4E71-8A82-A11CA0C1413B} C:\WINDOWS\system32\adobepnl.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5E8FA924-DEF0-4E71-8A82-A11CA0C1413B}

{77701e16-9bfe-4b63-a5b4-7bd156758a37} not set Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{77701e16-9bfe-4b63-a5b4-7bd156758a37}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}

{7b55bb05-0b4d-44fd-81a6-b136188f5deb} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b55bb05-0b4d-44fd-81a6-b136188f5deb}

{8333c319-0669-4893-a418-f56d9249fca6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{8333c319-0669-4893-a418-f56d9249fca6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8333c319-0669-4893-a418-f56d9249fca6}

{9c691a33-7dda-4c2f-be4c-c176083f35cf} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{9c691a33-7dda-4c2f-be4c-c176083f35cf}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}

{e52dedbb-d168-4bdb-b229-c48160800e81} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{e52dedbb-d168-4bdb-b229-c48160800e81}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e52dedbb-d168-4bdb-b229-c48160800e81}

{ffd2825e-0785-40c5-9a41-518f53a8261f} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{ffd2825e-0785-40c5-9a41-518f53a8261f}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}


****************************************
Toolbars:

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\system32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{01E04581-4EEE-11D0-BFE9-00AA005B4383} C:\WINDOWS\system32\browseui.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01E04581-4EEE-11D0-BFE9-00AA005B4383}

{0E5CBF21-D15F-11D0-8301-00AA005B4383} C:\WINDOWS\system32\SHELL32.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0E5CBF21-D15F-11D0-8301-00AA005B4383}

{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} Error when opening a registry key, the key doesn't exist. Key: HKEY_CLASSES_ROOT\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\InprocServer32

System error message: The system cannot find the file specified.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

{4D5C8C25-D075-11d0-B416-00C04FB90376} C:\WINDOWS\system32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}

{EFA24E61-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}

{EFA24E62-B078-11D0-89E4-00C04FC9E26E} C:\WINDOWS\system32\shdocvw.dll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}


****************************************
All processes:

[System Process]
System
smss.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
svchost.exe
svchost.exe
MsMpEng.exe
svchost.exe
svchost.exe
svchost.exe
explorer.exe
BRSVC01A.EXE
BRSS01A.EXE
spoolsv.exe
mixer.exe
avgcc.exe
MSASCui.exe
ctfmon.exe
avgamsvr.exe
avgupsvc.exe
avgemc.exe
CDAC11BA.EXE
wdfmgr.exe
wscntfy.exe
alg.exe
users32.exe
spywarescanner.exe

Go here to analyse the running processes:
http://www.kephyr.com/filedb/index.php

****************************************
Internet Explorer Settings:

Default_Page_URL http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

Local Page C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

www http://
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\www

provider
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\provider

Local Page C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

Search Page http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

Start Page about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Use Search Asst no
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Use Search Asst


****************************************
LS CalamityJane
Jun 9 2006, 05:17 PM
Hi alastair,

This isn't the Bazooka forum.

This forum is Lavasoft Support (Adaware SE)

Did you intend to post the Adaware scan instead?
alastair
Jun 15 2006, 12:06 PM
QUOTE(CalamityJane @ Jun 9 2006, 05:17 PM) *
Hi alastair,

This isn't the Bazooka forum.

This forum is Lavasoft Support (Adaware SE)

Did you intend to post the Adaware scan instead?



i would if i knew how and also adaware does not detect all the files that bazoka does - i posted this to try and help as the info should be the same..........
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.